Surfing the Web and e-Shopping
All kinds of things can now be done online, from shopping, banking to studying and research. The followings are some best practices for surfing the web and e-shopping.
DO'S
Apply the latest updates and security patches to all relevant hardware / software items involved, including the operating systems, web browsers and anti-malware software.
Install and run a personal firewall as well as anti-malware software with the latest signatures updated.
Check the terms and disclaimers of any e-shopping site before using their services, e.g. check personal privacy statements, etc.
Choose well-known or trustworthy e-shopping sites.
Keep notice of key measures on providing information or making a purchase on a website:
Informed consent on personal information
Whether Seals of Approval applied (e.g. TRUSTe or WebTrust)
Check the security level of e-commerce websites before submitting personal information and conducting transactions (e.g. SSL, check for the https prefix, the lock icon in web browser, or the issuing authority of the site's digital certificate).
Apply for a Digital Certificate for electronic transactions.
Consider using Encryption to protect sensitive data transmitted over public networks and the Internet.
Keep a copy of transaction records. Most e-commerce sites present you with a summary of transaction before you click a Send or Buy button. Print this out or save it as a file to refer to later if necessary.
Avoid submitting any data that is irrelevant to the purpose for which it is being collected. Be particularly cautious if asked for personal information, such as credit card or bank account numbers.
Be alert to the latest news on sites that are notorious for suspicious activities, or labelled as "bad sites".
Remember to logoff at the end of a session.
Use different sets of logins and passwords for different web applications and services.
Change the passwords used in critical web applications regularly if 2-factor authentication is not supported.
Report abnormal behaviour to service provider or ISP immediately.
DON'TS
Don't turn on options that enable active content (e.g. Active X, Java, JavaScript, cookies) in email application or browser except communicating with a trusted source. This will help prevent malicious code attacks.
Don't download data or software from unknown sources.
Don't try to visit untrustworthy sites just out of curiosity.
Don't forget to check the privacy policy of a website, ensuring that the personal data you provide is properly used and protected.
Don't open any suspicious emails or instant messages, as well as the attachments and hyperlinks inside.
Don't login to critical web applications from a public computer.
Don't cache your username and password in your workstation.
Related topic(s):